Beruflich Dokumente
Kultur Dokumente
A
Seminar Report
submitted
in partial fulfilment
for the award of the Degree of
Bachelor of Technology
in Department of Information Technology
SESSION (2014-2015)
Submitted To:
Submitted by:
Ankita Jain
(Assistant Professor,
College ID-10IT004
Candidates Declaration
I hereby declare that the work, which is being presented in the seminar, entitled Cyber
Terrorism in partial fulfillment for the award of Degree of Bachelor of Technology in
Department of Computer Engineering & Information Technology with specialization in
Information Technology, Rajasthan Technical University is a record of my own investigations
carried for Seminar on IT Acts.
I have not submitted the matter presented in this Seminar anywhere for the
award of any other degree.
Ankita Jain
Information Technology
College ID: -10IT004
Govt. Mahila Engineering College, Ajmer
CERTIFICATE
This is to certify that Ms. Ankita Jain of VIII Semester, B. Tech (Information Technology)
2010-14, has submitted a seminar titled Cyber Terrorism in partial fulfillment for the award
of the degree of Bachelor of Technology under Rajasthan Technical University, Kota.
Date:-
ACKNOWLEDGEMENT
I feel profound happiness in forwarding this seminar report as an image of sincere efforts. All
who generously helped by sharing their valuable experience and devoting their precious time
with me, without whom this seminar report would never been accomplished.
First and foremost I extend my thanks and gratitude to Mr. Saurabh Maheshwari (Asst.
Professor), Govt. Mahila Engineering College, Ajmer
guidance, teaching and certain suggestion provide me the timely valuable input which enhanced
my knowledge and thus helped in development of this seminar report .
Yours
Sincerely
ANKITA JAIN
TABLE OF CONTENTS
CHAPTER NO.
TITLE
PAGE NO.
CANDIDATES DECLARATION
CERTIFICATE
ACKNOWLEDGEMENT
PLAGIARISM CERTIFICATE
ABSTRACT
1)
INTRODUCTION
1-3
3)
5-6
4)
5)
4.4 Hacking
CYBER ATTACKS
8-9
5.1.2 Vandalism
5.2.1 Scanning
5.2.3 Malware
5.2.4 Viruses
5.2.5 Worms
6)
CASE STUDY
10-11
7)
8)
12-13
12
13
13
14-15
16-18
16
16
16
16
16
9.6 Monitor
16
9.7 Filter
17
17
9.9 Communicate
17
17
17
17
17
17
10)
17
17
CONCLUSION
19
REFERENCES
20
ABSTRACT
Cyber terrorism is a new terrorist tactic that makes use of information systems or digital
technology, especially the Internet, as either an instrument or a target. As the Internet becomes
more a way of life with us, it is becoming easier for its users to become targets of the cyber
terrorists. The number of areas in which cyber terrorists could strike is frightening, to say the
least.
The difference between the conventional approaches of terrorism and new methods is
primarily that it is possible to affect a large multitude of people with minimum resources on the
terrorist's side, with no danger to him at all. We also glimpse into the reasons that caused
terrorists to look towards the Web, and why the Internet is such an attractive alternative to them.
The growth of Information Technology has led to the development of this dangerous web of
terror, for cyber terrorists could wreak maximum havoc within a small time span. Various
situations that can be viewed as acts of cyber terrorism have also been covered. Banks are the
most likely places to receive threats, but it cannot be said that any establishment is beyond
attack. Tips by which we can protect ourselves from cyber terrorism have also been covered
which can reduce problems created by the cyber terrorist.
We, as the Information Technology people of tomorrow need to study and understand the
weaknesses of existing systems, and figure out ways of ensuring the world's safety from cyber
terrorists. A number of issues here are ethical, in the sense that computing technology is now
available to the whole world, but if this gift is used wrongly, the consequences could be
disastrous. It is important that we understand and mitigate cyber terrorism for the benefit of
society, try to curtail its growth, so that we can heal the present, and live the future.
CHAPTER 1
INTRODUCTION
The world is a very large place, but it is getting smaller, thanks to the advent of computers and
Information Technology. However, the progress that we've made in these fields also has a dark
side, in that a new terrorist tactic, commonly called Cyber terrorism has developed. The old,
conventional methods of assassination and hostage taking are slowly fading, as terrorists head
towards the Internet to pull their stunts. The cause for this kind of a transition stems from the fact
that the terrorist has long since realized that removing one official from office only causes
another official to take his place; which is not the end-result the terrorist wished to achieve. This
causes the terrorist to take to the net, thus affecting a wider section than could otherwise have
been targeted. From disabling a country's economy to shutting off power in large areas, it's all
possible, with less risk to the terrorists.
Cyber terrorism is any act of terrorism that uses information systems or digital technology
(computers or computer networks) as either an instrument or a target. Cyber terrorism can either
be "international", "domestic" or "political", according to the nature of the act, but it is always an
act involving a combination of the terrorist and the computer.
service attacks, or terroristic threats made via electronic communication. National Conference
of State Legislature.
1.5 Difference between real worlds physical terrorism and cyber terrorism
Chances of capture, injury or death to a cyber terrorist are less Cyber terrorism is difficult
to track.
CHAPTER 2
FORMS OF CYBER TERRORISM
2.1 Bank Threatening
As you know one of the most popular forms of Cyber terrorism is to threaten a large bank. The
terrorists hack into the system and then leave an encrypted message for senior directors, which
threaten the bank. What adds to the difficulty to catch the criminals is that the criminals may be
in another country. A second difficulty is that most banks would rather pay the money than have
the public know how vulnerable they are.
one, the viruses can consume system resources until networks become useless, costing
companies lots of time and money. Also, depending on the type of work done on the affected
computers, the damage to the beneficiaries of that work could be lethal. Even if the person never
meant to harm someone with their virus, it could have unpredictable effects that could have
terrible results.
CHAPTER 3
STRATEGIES OF CYBER TERRORISM
3.1 Unauthorized access & Hacking
One of the criminal activities is unauthorized access that would therefore mean any kind of
access without the permission of either the rightful owner or the person in charge of a computer,
computer system or computer network.
Every act committed towards breaking into a computer and/or network is hacking. Hackers
write or use ready-made computer programs to attack the target computer. They possess the
desire to destruct and they get the kick out of such destruction.
these acts may be considered computer fraud, computer and information theft or cyber terrorism,
violations of which can even result in felony charges.
When Does Snooping Cross the Line?
Sometimes businesses or government agencies actually use hacking-type actions for
legitimate purposes. So long as these actions are strictly-controlled, for example to gather
evidence of civil torts (such as dissemination of trade secrets, libel or defamation of character),
criminal actions, or as part of a clearly-publicized school / workplace policy, it is legal to access
private e-mails. E-mails can be particularly valuable sources of information given the fact that
people are generally less-guarded with their language and more apt to share incriminating
information.
Hacking, defined as breaking through a security barrier without permission to access data, is
both unethical and illegal if not used for a legitimate civil or law enforcement purpose. There are
several different methods of accessing someones e-mail, all of which can be unethical, rude and
possibly illegal. Hackers have even posted videos on the Internet describing how to do it! Some
computer software programs can be utilized which will run infinite combinations in an attempt to
obtain a users e-mail password; more common is for an individual to try and guess the password
of an acquaintance. Should you be given a persons e-mail password it is unethical, but probably
not illegal, to snoop on them by reading it.
It is also possible to gain access to private e-mails or Web pages via interception of
information routed across the public Internet. This may or may not be considered a criminal act,
since the public Internet is an unsecured forum. Another method of gaining access to seemingly
private e-mails or Web pages visited is to just open the pages or programs on a computer where
the prior user did not log out. Again, this is inappropriate, unethical and rude, but is probably not
illegal; there is no expectation of privacy in the information if it was left for public access.
Using hacking techniques to break into the e-mail or private social networking page of
another person (for example an ex-boyfriend or boyfriend, former spouse, adult child or new
beau) is just wrong. These actions may seem innocent to you you may be just trying to gather
information or trying to play an innocent prank by resetting a friends password. No matter your
intent, you may be in violation of state or federal law. It is important to remember that ignorance
of the law is no defense you can still be held liable regardless of whether or not you thought
your actions were criminal.
list is only marginally alphabetical, by first name, which is almost as shocking as the contents of
the files.)This is old-fashioned stuff for the most part. Type-written letters, lots of scribbled
initials, and whole chunks of documents blacked out with what must be a special FBI-invented
marker.
On a more modern note, who could resist adding their favorite FOIA file to face book?
Sending malicious codes through email E-mails are used to send viruses, Trojans etc through
emails as an attachment or by sending a link of website which on visiting downloads malicious
code.
CHAPTER 4
TYPE OF CYBER TERRORISM
4.1 Information theft
Minor attacks come in the form of data diddling, where information in the computer is
changed This may involve changing medical or financial records or stealing of passwords.
Hackers may even prevent users who should have access from gaining access to the machine.
4.4 Hacking
Hacking basically knows programmable systems and now they work, some agencies hire hackers
to show them the down falls in their security system so they can improve if against hackers that
want information or access into the computer for other reasons. Hacking is a form of art for some
people.
CHAPTER 5
CYBER ATTACKS
5.1 Physical access attacks
5.1.1Wire tapping
Wiretapping is a particular form of electronic surveillance that gmonitor telegraphic
communication .the introduction of such surveillance raised fundamental issues concerning
personal privacy.
5.1.2 Vandalism
Vandalism is any addition, removal, or change of content in a deliberate attempt to compromise
the integrity of Wikipedia. Examples of typical vandalism are adding irrelevant obscenities and
crude humor to a page, illegitimately blanking pages, and inserting obvious nonsense into a page.
A computer virus is a type of malware that, when executed, replicates by inserting copies of itself
(possibly modified) into other computer programs, data files, or the boot sector of the hard drive;
when this replication succeeds, the affected areas are then said to be "infected.
5.2.5 Worms
A computer worm is a standalone malware computer program that replicates itself in order to
spread to other computers. Often, it uses a computer network to spread itself, relying on security
failures on the target computer to access it. Unlike a computer virus, it does not need to attach
itself to an existing program. Worms almost always cause at least some harm to the network,
even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on
a targeted computer.
CHAPTER 6
CASE STUDIES
6.1 The Stuxnet Attack on Iran's Nuclear Plant Was 'Far More Dangerous'
Than Previously Thought
Stuxnet is a computer worm that was discovered in June 2010. It was designed to
attack Siemens Step7 software running on a Windows operating system.] Stuxnet reportedly
ruined almost one-fifth of Iran's nuclear centrifuges by making them spin out of control while
simultaneously making them appear to be running normally, by replaying the recorded system
values of normal operation. It is speculated to have been created by U.S and Isareli agencies to
attack Irans nuclear facilties.
The Stuxnet virus that ravaged Iran's Natanz nuclear facility "was far more dangerous than the
cyber weapon that is now lodged in the public's imagination," cyber security expert Ralph
Langer tells foreign policy. Stuxnet, a joint U.S- Isarel project, is known for reportedly
destroying roughly a fifth of Iran's nuclear centrifuges by causing them to spin out of control.
But the exploit had a previous element that was more complicated and "changed global military
strategy in the 21st century," according to Langer.
The lesser-known initial attack was designed to secretly draw "the equivalent of an electrical
blueprint of the Natanz plant, to understand how the computers control" the centrifuges used to
enrich uranium, Peter Sanger of The New York Times Reported last June.
Langer adds that the worm also subtly increased the pressure on spinning centrifuges while
showing the control room that everything appeared normal by replaying the plants protection
system values while the attack occurred.
OBJECTVIES :- The goal of the worm was not aimed at destroying centrifuges, but reducing
lifetime of Irans centrifuges and making the Iranians Fancy control systems appear beyond their
understanding.
DETAILS :- In 2010, Iran reported that as many as 1,000 of its centrifuges at the Natanz nuclear
facility, used for enriching weapons-grade uranium, were destroyed by a computer virus. The
virus allegedly wrecked the electric motors by accelerating them to damaging speeds and setting
back the Iranian nuclear program for at least two years. Iran blamed the U.S. and Israeli
intelligence agencies for the attack.
According to the Washington-based Institute for Science and International Security, the weapon
used for the attack was probably a virus called Stuxnet. But unlike other computer viruses,
Stuxnet is designed to attack only networks with specific configurations.
Stuxnet is a type of computer program called a "worm" that can be inserted into a
computer or a network of computers, where it replicates itself infecting other machines.
Once inside a computer, a worm can corrupt or damage files, causing malfunction of
programs.
Stuxnet is designed to attack computers with Microsoft Windows operating systems, and
it can be most easily inserted through infected removable drives - pocket-size memory
banks that connect to standard USB ports.
After the damage is done, Stuxnet is designed to self-destruct so it is very hard to trace.
According to experts studying Stuxnet, it is a very complex program and only
government agencies are capable of designing it.
Infection Statistics
The following graph shows the number of unique infected hosts by country. The above graph
shows that 60% of computers infected by stuxnet is located in Iran.
IRANIAN REACTION (MEASURES)
In response to the infection, Iran had assembled a team to combat it. With more than 30,000 IP
addresses affected in Iran, an official said that the infection is fast spreading in Iran and the
problem has been compounded by the ability of Stuxnet to mutate. Iran has set up its own
systems to clean up infections and has advised against using the Siemens SCADA antivirus since
it is suspected that the antivirus is actually embedded with codes which update Stuxnet instead of
eradicating it.
CHAPTER 7
CYBER LAW IN INDIA
THE INFORMATION TECHNOLOGY ACT, 2000 AND IT ACT AMENDMENT 2008.
The Government of India has put in place some mechanisms to counter the threat of cyber
terrorism.
Amendments under the Information Technology Act, 2000 has defined the term Cyber
terrorism U/Sec. 66F (1).
Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment
which may extend to imprisonment for life. (Section 66F (2))
Section 69 gives power to the state to issue directions for interception or monitoring or
decryption of any information through any computer source.
Section 70 A and 70 B- Agency for critical information and Indian Computer Emergency
response team (CERT-In) for incident response.
concluding your online transactions? How are you ensuring data protection and information
security on your web site? Are you recognizing the rights of your data subjects?
Transacting on the Internet has wide legal implications as it alters the conventional methods
of doing business. To build enduring relationships with your online customers the legal issues of
e-transactions need to be addressed from the onset.
This Awareness program will cover the basics of Internet Security basic information on
Indian Cyber Law Impact of technology aided crime Indian IT Act on covering the legal aspects
of all Online Activities Types of Internet policies required for an Organization. Minimum
hardware and software, security measures required in an organization to protect data.
CHAPTER 8
COMPARATIVE STUDY OF INDIAN IT ACTS AND FOREIGN
IT ACTS
OBJECTIVES
U.K LAW
U.K. parliament framed its Data Protection Act
(DPA) in the year 1984 which thereafter
repealed by the DPA of 1998. This Act is
basically instituted for the purpose of providing
protection and privacy of the personal data of
the individuals in UK. The Act covers data
which can be used to identify a living person.
This includes names, birthday, anniversary
dates, addresses, telephone numbers, fax
numbers, e-mail addresses etc. It applies only
to the data which is held or intended to be held,
on computers or other equipments operating
automatically in response to instructions given
for that purpose or held in a relevant filing
system.
Section 72
This section provides protection against breach
of confidentiality and privacy of the data. As
per this, any person upon whom powers have
been conferred under IT Act and allied
rules to secure access to any electronic record,
book, register, correspondence, information
document of other material discloses it to any
other person, shall be punished with
imprisonment which may extend to two years
or with fine which may extend to one lakh
rupees or both.
U.S Law
Though both U.S and the European Union
focus on enhancing privacy protection of their
citizens, U.S takes a different approach to
privacy from that of the European Union. US
adopted the sectoral approach that relies of mix
of legislation, regulation, and self regulation.
In U.S, data are grouped into several classes on
the basis of their utility and importance.
Thereafter, accordingly a different degree of
protection is awarded to the different classes of
data. Several Acts were also passed in order to
stabilize the data protection laws in the United
States.
Law of Contract
These days companies are relying on the
contract law as a useful means to protect their
information. The corporate houses enters into
several agreements with other companies
clients, agencies or partners to keep their
information secured to the extent they want to
secure it.
CHAPTER 9
WAYS ON HOW TO PREVENT CYBER TERRORISM FROM
HAPPENING.
9.6 Monitor
The best way to know what your child sees and does online is to monitor his activity. This
includes general supervision of, and participation in, his time spent online. Another option
includes the installation of monitoring software on your computer to track the activity. The Cyber
bullying Research Center warns against secretly spying on your child because this may cause
him to focus on hiding what he does online.
9.7 Filter
Installation of filtering software on your computer can help protect your child from viewing
inappropriate content online. This includes sexually explicit and verbally vulgar text and images.
The Cyber bullying Research Center does not recommend relying on this software alone,
however, because many children have found ways around this form of protection.
9.9 Communicate
According to the Cyber bullying Research Center, communication is crucial in protecting your
child from potential cyber bullying incidents. Speak with your child regularly to establish an
open line of communication. This may make it easier for your child to come forward and tell you
he is the victim of a cyber bully.
Save any text messages, social media posts and other examples of the bullying to show the
police. They can use this information as evidence against the bully.
9.13 Develop a strong password.
9.14 Keep software up to date.
9.15 Maintain the accurate browser security settings.
9.16 Compile strong firewalls.
CHAPTER 10
CONCLUSION
The Internet was developed primarily as an unregulated, open architecture. Not only are we
observing a predictable backlash to the corporatization of the network, where the tools of
destruction can easily be placed in the hands of the dissatisfied or malevolent people, we must
also deal with the fact that the infrastructure is ideally suited to criminal activities. Some of these
activities are being promoted as cyber terrorism; however, the loose use of the term is actually
undermining the defense capabilities of the very corporations and governments who are at risk.
Events can be analyzed in terms of their critical factors, and only if these factors all exist can the
event legitimately be called terrorism. With regard to cyber terrorism, that is, the use of hacking
tools and techniques to inflict grave harm such as loss of life, few conclusions can be drawn
about its potential effect on foreign policy, because there have been no reported incidents that
meet the criteria. What can be said is that the threat of cyber terrorism, combined with hacking
threats in general, is influencing policy decisions related to cyber defense at both a national and
international level. If we look at terrorism in general for insights into the potential effects of
cyber terrorism, we find that the effect of terrorism on the foreign policy issues at hand is
similarly difficult to assess, but here again, the threat of terrorism, particularly chemical,
biological, and nuclear terrorism, is having a significant effect on national defense policy.
REFERNCES
https://www.google.co.in/search?
q=cyber+warfare+depth&rlz=1C1RNNN_enIN400IN400&espv=210&es_sm=93
&source=lnms&tbm=isch&sa=X&ei=yqSiUrGaAc2UrAepuoG4Aw&ved=0CAk
Q_AUoAQ&biw=1212&bih=695
Cyber Attacks During the War on Terrorism:A Predictive Analysis. Dartmouth Institute for Security Technology Studies.
http://www.ists.dartmouth.edu/ISTS/counterterrorism/cyber_attacks.htm